REMARKS

Claims 1-9, 17-29, and 37 are pending in the present application. Claims 1, 17,
21, and 37 have been amended. Claims 10-16, 30-36, and 38 have been canceled.
Reconsideration of the claims is respectfully requested. Applicants thank the examiner
for the telephone conference on Wednesday, May 19, 2004 and for the follow-up on
Friday, May 21, 2004. In the telephone conference, the examiner agreed that not all of
the cited sections from the Office Action taught all of the features in the claims. The
examiner believes that these features may be found in other sections of the cited
references and would review the references again when the response is received.
Applicants' representative also discussed with the examiner the issue of whether the two
references could be properly combined. The examiner stated that she would review the
arguments. Further, applicants' representative and the examiner discussed adding
additional clarifying features to further distinguish the claims from the cited references.

35 U.S.C. § 103(a), Obviousness

The examiner has rejected claims 1-38 under 35 U.S.C. § 103(a) as being
unpatentable over Sampson et al., United States patent number 6,339,423 ("Sampson"),
in view of Bezos et al., United States patent number 6,029,141 ("Bezos"). This rejection
is respectfully traversed.

In rejecting the claims, the examiner stated: 

In reference to claims 1, 21, and 37, Sampson discloses a system
for processing data for providing access to resources within the data
processing system, the method comprising the data processing system
implemented steps of:

Receiving a request from a requestor to access a resource in the 
data processing system (column 5 lines 31-35). 

Sending a first cookie to the requestor in response to the request,
wherein the cookie is used to access the resource (column 8 lines 45-51 in
combination with column 5 lines 35-60). After the authentication of the
browser, it is sent a cookie which it then uses to access resources on server
within the same domain.

Storing an identification of the requestor and the first cookie to
form a stored identification and a stored cookie (column 2 lines 27-40).
The client machine 110 inherently has identification information stored in
the machine to identify itself to network. The browser receives the cookie
and stores it.

The system is responsive to receiving a second cookie from a
source, comparing an identification of the source and the second cookie
with the stored identification and the stored cookie (column 5 lines 10-14
in combination with column 7 lines 57-59). The browser is authenticated
and authentication information inherently contains identification
information in order to complete the authentication, thus the process of
authentication includes the step of identification and therefore would
require identification information.

The system is further responsive to a verification of the cookie
information and then allowing access to the resource (column 7 lines IS-IS).
Verification requires that the information in the cookie must match
the expected information.

Sampson does not expressly disclose the second cookie being 
matched with a stored cookie. 

However, Bezos discloses a verification process used to match the 
cookie with the information stored in the server. 

At the time the invention was made, it would have been obvious to
a person of ordinary skill in the art to compare the cookie to information
stored in the server in order to verify the user as in the method of Bezos in
the system of Sampson. One of ordinary skill in the art would have been
motivated to do this because the information in the cookie is information
compiled and used by the server therefore the cookie is a method for
identifying the customer.

Office Action dated April 8, 2004, pages 3-4. 

The examiner bears the burden of establishing a prima facie case of obviousness
based on the prior art when rejecting claims under 35 U.S.C. § 103(a). In re Fritch, 972
F.2d 1260, 23 U.S.P.Q.2d 1780 (Fed. Cir. 1992). In this particular case, the features
believed to be taught by the cited references are actually absent from these references.
Specifically, Sampson and Bezos do not teach the features of the presently claimed
invention as alleged by the examiner.

In comparing these cited references to the presently claimed invention, the
features of the presently claimed invention may not be ignored. Amended claim 1 reads
as follows:

1. A method in a data processing system for providing access to
resources within the data processing system, the method comprising the
data processing system implemented steps of:

receiving a request from a requestor to access a resource in the data
processing system;

sending a first cookie to the requestor in response to the request,
wherein the cookie is used to access the resource;

storing an identification of the requestor and the first cookie to
form a stored identification and a stored cookie, wherein the identification
of the requestor identifies a particular data processing system from which
the request originated;

responsive to receiving a second cookie from a source, comparing
an identification of the source and the second cookie with the stored
identification and the stored cookie to determine whether the second
cookie contains the same information as the first cookie and whether the
second cookie was received from the particular data processing system;

responsive to a match between the identification of the source and
the second cookie and the stored identification and the stored cookie,
allowing access to the resource.

These features are not taught in the two cited references as believed by the examiner. For
example, the receiving and transmitting steps are not taught or suggested in Sampson as
believed by the examiner.

For example, the examiner points to the following portion of Sampson for the 
receiving step: 

Generally, in one embodiment, when a browser transmits a request
to a protected server on behalf of a user to access a resource in a domain,
and the browser does not transmit any access control cookies for the
domain, the browser is connected to the secondary domain agent
belonging to the domain.

Sampson, column 5, lines 31-36. This section of Sampson specifically states that the
request is transmitted by the browser, not the secondary domain agent. The requestor in
this section is the browser. In this particular section, the request is sent from the browser
to the secondary domain agent. In other words, the requestor is the browser.

The examiner then points to the following section of Sampson for sending the first
cookie to the requestor.

At step 440, the previously stored access control cookies, which
are identified by Cookie_Set_Id, are transmitted to the Secondary Domain
[illegible] necessary to cache the access control cookies. At
step 444, the Secondary Domain Agent 262 redirects browser 210-1 to the
originally requested resource, transmitting the access control cookies to

Sampson, column 8, lines 45-51. The cookie transmitted in this cited section is not to the
requestor, but instead to the secondary domain agent. This is not the requestor identified
by the examiner in the previously cited section. According to the examiner's citation for
the receiving step, the requestor is the browser, rather than the secondary domain agent.
This component is not even located at the client on which the browser resides. One of
ordinary skill in the art would not be motivated to modify this teaching to reach the
receiving and sending step of the presently claimed invention based on the sections cited
by the examiner.

The examiner then points to the following portion of Sampson for the storing step
of claim 1:

Cookies are pieces of information which a server may create and
transmit to a browser, to cause the browser to store the cookie and
retransmit it in subsequent requests to servers. A cookie may be associated
with a domain name used to identify the IP address of a server. A domain
name is an identifier that identifies a set or one or more IP addresses.
Examples of domain names are 'enCommerce.com' or 'uspto.gov'. A
browser transmits a cookie in conjunction with a request to the server to
access a resource, transmitting the cookies as part of the request. The
cookies transmitted are associated with the domain name of the server.

Sampson, column 2, lines 27-38. This section teaches transmitting a cookie to the
browser. This section teaches that the cookie may be transmitted by the browser to a
server, in response to a request for the cookie at a later time. Nowhere does Sampson
teach that a copy of the cookie is stored in which the copy is that of a cookie transmitted
to the requestor. This section also teaches associating a domain name of the server with
the cookie. The domain name of the server, however, is not the identification of the
requestor. The server is the entity that receives the request in Sampson. In contrast, the
presently claimed invention stores the identification of the requestor rather than the
identity of the server issuing the cookie as in this cited section of Sampson.

In fact, Sampson clearly states that the cookie is associated with the server in the
following: 

A domain name may be used in an address that identifies a
resource, such as a URL. For example, a domain may be used to identify
resources "sample1File.htm" and "sample2File.htm", by using the URL
"www.demoDomain/sample2File.htm", where 'demoDomain' is the
domain name. The domain name corresponds to the IP address of a server
that may supply a resource.

Sampson, column 2, lines 39-45. Thus, the storing step of the presently claimed 
invention is not taught or suggested by Sampson. 

Further, the comparing step in claim 1 also is not taught or suggested by Sampson 
in the section cited by the examiner. The examiner cites to the following two sections for 
the comparing step: 

Subsequently, the user may request access to another domain 
protected by access control system 220. Therefore, when the browser 
transmits the request to a web server belonging to the other domain, access 
control cookies for the user are not transmitted. A mechanism verifies 
whether a user has been authenticated without having to receive access 
control cookies or causing the user to log-in again. 

Sampson, column 5, lines 10-16. 

The step may include various processes for authenticating users, including 
user/password authentication, or use of digital certificates. 

Sampson, column 7, lines 57-59. The first cited section in Sampson teaches transmitting
a request without a cookie. The second cited section in Sampson teaches determining
whether the user is authentic. The cited section states that various processes may be used
including a user/password or digital certificates. Nowhere does this cited section teach,
suggest, or provide any incentive for comparing the identification of the source and the
second cookie with the stored identification and the stored cookie. This authentication
only occurs if cookies have not been transmitted. As a result, the authentication occurs
without comparing cookies as recited in the claims. The suggested authentication is via
a mechanism such as a user name/password or digital certificates.

The examiner also admits that Sampson does not expressly teach that the second
cookie is compared to a stored cookie. The examiner, however, points to Bezos for this
deficiency. Bezos does not make up for the feature absent in Sampson as believed by the
examiner. Bezos generally teaches comparing a cookie retrieved from a browser with
information in a server. This teaching, however, is a general one that does not teach,
suggest, or provide any incentive to compare an identification of the source of a second
cookie and the second cookie with the stored identification and the stored cookie.

Bezos discloses:

Upon customer selection of a referral link, the computer program
144 utilizes the customer cookie information 140 passed through an HTTP
call to determine whether the particular customer (or technically the
customer computer 108) already has an open shopping cart (event E2). As
part of this process, the computer program 144 executes cookie processing
software (FIG. 1), which assigns a unique customer ID to the customer
based on the cookie information 140. If the customer's Web browser 112
does not support the use of cookies (or if the cookies feature is disabled)
the program 144 uses URL information received from the Web browser to
generate the customer ID.

The customer ID is in turn used by the software 144 to identify any
shopping cart currently associated with the customer. If no shopping cart
exists for the customer, a new shopping cart structure (which includes the
customer ID) is generated within the shopping cart database 152. The
customer ID is also stored in a customer database 148. The algorithm used
by the program 144 to generate the customer IDs is such that a cookie
retrieved from the same customer computer will consistently produce the
same customer ID. Thus, assuming the customer always uses the same
computer to access the merchant site 106, and that the browser 112
supports the use of cookies, the customer will be assigned the same
customer ID, and will be associated with any existing shopping cart.

Bezos, column 13, lines 42-67. As can be seen, this section only teaches using
information in the cookie to identify a shopping cart in a database. A comparison of the
source of the second cookie and the second cookie with the stored identification and the
stored cookie is not made. A comparison of cookies and identifications is not made as
recited in claim 1. Therefore, no such comparison is taught or suggested by either
Sampson or Bezos alone or in combination.

Further, claim 1 has been amended to recite that the identification of the requestor
identifies a particular data processing system from which the request originated. This
feature is not taught or suggested by either reference alone or in combination. In
addition, the comparing step is performed to determine whether the second cookie
contains the same information as the first cookie and whether the second cookie was
received from the particular data processing system. This feature is also not taught or
suggested by either reference alone or in combination.
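
The two-part comparison that amended claim 1 recites (same cookie information, same originating data processing system), sketched as an added example; it is not code from the application, Sampson, or Bezos. The class and function names are hypothetical, and the requestor identification is modeled as an opaque string because the filing does not say how it is derived.

```python
import hmac
import secrets


class CookieBindingStore:
    """Server-side record of (requestor identification, issued cookie) pairs.

    Hypothetical illustration of the storing and comparing steps of claim 1.
    """

    def __init__(self):
        # resource -> list of (system_id, cookie) pairs that were issued for it
        self._issued = {}

    def issue(self, resource: str, system_id: str) -> str:
        """First request: mint a cookie and store it with the requestor's id."""
        cookie = secrets.token_urlsafe(32)
        self._issued.setdefault(resource, []).append((system_id, cookie))
        return cookie

    def check(self, resource: str, source_id: str, presented_cookie: str) -> bool:
        """Second cookie: allow only if the cookie AND its source match a stored pair."""
        allowed = False
        for stored_id, stored_cookie in self._issued.get(resource, []):
            # Constant-time comparisons, so timing does not reveal partial matches.
            same_cookie = hmac.compare_digest(
                stored_cookie.encode(), presented_cookie.encode())
            same_system = hmac.compare_digest(
                stored_id.encode(), source_id.encode())
            allowed |= same_cookie and same_system
        return allowed


def replay_demo() -> dict:
    """Run the four cases that distinguish this check from a cookie-only check.

    All identifiers and paths below are constructed sample values.
    """
    store = CookieBindingStore()
    cookie = store.issue("/reports/q2.pdf", "system-A")
    return {
        # Cookie returned by the system it was issued to: match on both parts.
        "same_system": store.check("/reports/q2.pdf", "system-A", cookie),
        # Same cookie presented from a different system: cookie matches, source does not.
        "other_system": store.check("/reports/q2.pdf", "system-B", cookie),
        # Right system, but a cookie the server never issued.
        "forged_cookie": store.check("/reports/q2.pdf", "system-A", "not-issued"),
        # Valid pair, but for a resource it was not issued for.
        "other_resource": store.check("/reports/q3.pdf", "system-A", cookie),
    }


if __name__ == "__main__":
    for case, allowed in replay_demo().items():
        print(f"{case}: {'allow' if allowed else 'deny'}")
```

A check that compared only the cookie value would allow the `other_system` case; the stored identification is what turns that case into a denial.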

Additionally, one of ordinary skill in the art would not be motivated to combine
or modify these references in the manner suggested by the examiner when these
references are considered as a whole by one of ordinary skill in the art. In considering
these references as a whole, one of ordinary skill in the art would consider the problems
recognized by the cited references. These two cited references are directed towards
solving different problems.

For example, Sampson is directed towards the following:

[illegible] conventional access control system is that it
only controls access to a set of servers and resources that belong to one
domain. The underlying reason for this limitation is as follows. When a
conventional access control system supplies access control cookies to a
user that has just been authenticated, the cookies transmitted are
associated with the domain of the access control system. When the
browser requests access to another resource in another domain, the access
control cookies are not transmitted because they are associated with the
other domain. Thus, each domain name used to deploy a set of servers or
resources requires its own implementation and maintenance of an access
control system, adding to the expense of securing resources accessible
over a network. In addition, for each domain name a user must login.
Thus the user may be encumbered by repetitious login procedures or the
number of domain names that may be used are limited by efforts to avoid
encumbering the user.

Based on the foregoing, it is clearly desirable to provide an access
control system that may be used to manage access to a set of resources
deployed under multiple domain names, particular, requires a user to login
just once to access the set of resources.

Sampson, column 2 line 62-column 3 line 17. As can be seen, Sampson is
directed towards access control problems.

In contrast, Bezos recognizes the following problem:

With the increasing popularity of the Internet and the World Wide
Web, it has become common for merchants to set up Web sites for
marketing and selling goods. One example of such a Web site is the online
bookstore site of AMAZON.COM, the assignee of the present invention.
Via this site, consumers can access and place orders from an online book
catalog that includes millions of titles.

One problem commonly encountered by online merchants is an
inability to effectively market goods via their Web sites. Because the
customer cannot physically inspect the products via the Web site and
typically cannot talk to a salesperson, it is desirable that the site provide
access to product reviews, product ratings, and other information that can
be relied on by the customer to make an informed decision. In many cases,
however, the merchant lacks the resources needed to generate or otherwise
obtain such information, especially if the merchant sells a large and
[illegible] even a significant portion of
the millions of titles available on the AMAZON.COM site

[illegible] commonly faced by online merchants is an
[illegible] attract potential consumers to their Web sites. One
way of attracting consumers has been to market the site through television,
newspaper and Internet advertisements. However, advertising a [illegible]
conventional methods can be expensive, and can [illegible]
or impossible to evaluate
the effectiveness of a given advertisement

Bezos, column 1, lines 17-45. Bezos recognizes problems in providing information
regarding goods being sold online to customers and attracting customers to Websites.

Further, when these two references are considered as a whole, they are directed
towards vastly different types of solutions. For example, Sampson provides the following
solution:

[illegible] uses a single access control system to manage

According to one aspect, a server is associated with each domain in a set
of domains. Access to resources in the domains is governed by an access
control system. A first server for a first domain transmits a data token to a
client seeking access to a resource in a second domain. The client
transmits the data token to a second server in the other domain. The
second server uses the data token to verify that the user is authorized to
access resources protected by the access control system. Once determining
that the user is authorized to access resources, access control "cookies" are
transmitted to client.

Sampson, column 3, lines 20-32. Sampson discloses an access control mechanism.

On the other hand, Bezos discloses a mechanism for enabling merchants to market
and sell goods on websites as follows:

Disclosed is an Internet-based referral system that enables individuals and
other business entities ("associates") to market products, in return for a
commission, that are sold from a merchant's Web site. The system
includes automated registration software that runs on the merchant's Web
site to allow entities to register as associates. Following registration, the
associate sets up a Web site (or other information dissemination system) to
distribute hypertextual catalog documents that includes marketing
information (product reviews, recommendations, etc.) about selected
products of the merchant. In association with each such product, the
catalog document includes a hypertextual "referral link" that allows a user
("customer") to link to the merchant's site and purchase the product. When
a customer selects a referral link, the customer's computer transmits
unique IDs of the selected product and of the associate [illegible]
subsequently purchases the product from the
merchant's site, a commission is automatically credited to an account of
the referring associate. The merchant site also implements an electronic
shopping cart that allows the customer to select products from [illegible]

Bezos, Abstract.

Thus, when these cited references are considered as a whole, one of ordinary skill
in the art would not be motivated to combine these two references in the manner stated by
the examiner, even if these two references could be argued to teach the features as
proposed by the examiner.

The other independent claims are claims containing one or more features similar
to those in claim 1, which are not taught or suggested by the cited references. The
dependent claims are patentable over these cited references for the same reasons as the
independent claims. Further, these claims also include other features not taught or
suggested by the cited references.

For example, claim 8 states that the steps are performed in a browser. The
portions of Sampson cited by the examiner indicate that at least some of the steps occur at
a server, rather than having all of the steps occur in a browser.

In yet another example, claim 9 includes generating a disk location number from a
path for a file that forms the resource. This claim also includes placing the disk location
number into the first cookie. The examiner only states that Sampson discloses the
resource as being a static file. The examiner has provided line numbers without a column
citation for Sampson. Column 2 describes resources as being files, but nowhere does the
cited reference state that the location of the resource in the form of a disk location
number is placed into the first cookie. The examiner only asserts that the information
contains the file location. No teaching, suggestion, or incentive is present for placing a
disk location number into the first cookie as recited in claim 9.

Therefore, the rejection of claims 1-38 under 35 U.S.C. § 103(a) has been
overcome.



Conclusion 



It is respectfully urged that the subject application is patentable over the above- 
cited references and is now in condition for allowance. 

The examiner is invited to call the undersigned at the below-listed telephone
number if in the opinion of the examiner such a telephone conference would expedite or
aid the prosecution and examination of this application.

DATE: June IS. 2004 



Respectfully submitted,

Duke W. Yee
Reg. No. 34^85 
Yee & Associates, P.C. 
P.O. Box 802333 
Dallas, TX 75380 
(972) 367-2001 
Attorney for Applicants